git://git.onelab.eu / plstackapi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c35e1ab)
CSRF token support in xoslib
authorScott Baker <smbaker@gmail.com>
Tue, 28 Oct 2014 22:57:40 +0000 (15:57 -0700)
committerScott Baker <smbaker@gmail.com>
Tue, 28 Oct 2014 22:57:40 +0000 (15:57 -0700)
planetstack/core/xoslib/static/js/xoslib/xos-backbone.js patch | blob | history
planetstack/templates/admin/base.html patch | blob | history

diff --git a/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js b/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js
index d2d8f17..af79852 100644 (file)
--- a/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js
+++ b/planetstack/core/xoslib/static/js/xoslib/xos-backbone.js
@@ -226,4 +226,16 @@ if (! window.XOSLIB_LOADED ) {
     };
 
     xos = new xoslib();
+
+    (function() {
+      var _sync = Backbone.sync;\r
+      Backbone.sync = function(method, model, options){\r
+        options.beforeSend = function(xhr){\r
+          var token = $('meta[name="csrf-token"]').attr('content');\r
+          xhr.setRequestHeader('X-CSRFToken', token);\r
+          console.log(token);\r
+        };\r
+        return _sync(method, model, options);\r
+      };\r
+    })();
 }
diff --git a/planetstack/templates/admin/base.html b/planetstack/templates/admin/base.html
index dc92ca9..21f7974 100644 (file)
--- a/planetstack/templates/admin/base.html
+++ b/planetstack/templates/admin/base.html
@@ -2,6 +2,7 @@
 <html lang="{{ LANGUAGE_CODE|default:"en-us" }}" {% if LANGUAGE_BIDI %}dir="rtl"{% endif %}>
 <head>
   <title>{% block title %}  {%if title %} {{ title }} | {% endif %} {{ 'ADMIN_NAME'|suit_conf }}{% endblock %}</title>
+  <meta name="csrf-token" content="{{csrf_token}}">
   <link rel="stylesheet" type="text/css" href="{% block stylesheet %}{% endblock %}"/>
   <link rel="stylesheet" type="text/css" href="{% static 'suit/bootstrap/css/bootstrap.min.css' %}" media="all"/>
   <link rel="stylesheet" type="text/css" href="{% static 'suit/css/suit.css' %}" media="all">
plstackapi